Secret CSO: Alexandru Catalin Cosoi, BITDEFENDER

• Posted by
  IDG Connect
  

• on May 30 2019
  

Name: Alexandru Catalin Cosoi

Organisation: BITDEFENDER

Job title: Chief Security Strategist

Date started current role: June 2015

Location: Bucharest, Romania

As Bitdefender's Chief Security Strategist, Alexandru Catalin Cosoi wears many hats, from energising and publicising the company's technological progress to leading the cyber-intelligence team tasked with helping local and international law enforcement agencies fight cybercrime. Alexandru is also a member of the Internet Security Advisory Group at Europol and Bitdefender's liaison with Interpol, and he is in direct contact with 60 CERTs worldwide. Throughout the past decade, Alexandru has been delivering talks and trainings to numerous international events, evangelising the threat landscape of the cybersecurity industry, dissecting attacks and training people to use different technologies. Alexandru specialises in pattern extraction and recognition technologies, with an accent on neural networks and machine learning. His technical achievements have so far materialised in six granted patents and a series of classification technologies being implemented in Bitdefender software. 

What was your first job? I started working as an intern at Bitdefender back in the summer of 2004 in the R&D department of the AntiSPAM Laboratory. Nowadays most people are familiar with the notion of SPAM and most security or anti-spam vendors do a good job in filtering it out, back then it was a serious issue as massive amounts of SPAM messages were sent to everyone and people were less educated in correctly identifying which emails were safe and which weren't.

The first project that I was tasked with was to explore the idea of using Neural Networks in antiSPAM filtering. It took me seven months to finalise the project which later was included in the consumer line security suite and was also granted a patent.

I decided that it was time to move to full time employment and after 15 years I'm still with the company, even though I had many roles.

How did you get involved in cybersecurity? This is an easy one, as Bitdefender is a cybersecurity company.

What was your education? Do you hold any certifications? What are they? I graduated in 2007 from the University "Politehnica" of Bucharest, Faculty of Automatic Control and Computers. My bachelor thesis was actually related to the project I was also doing at work, applying machine learning technologies into SPAM detection. Later on, I obtained a PhD in natural language processing technologies.

I did indeed get some security certifications but that was several years later. Experience is the best certification you can get.

Explain your career path. Did you take any detours? If so, discuss. Taking detours can be quite easy as there are a lot of temptations along the way. However, I managed to stay in this field while also mentally exploring a few detours.

Was there anyone who has inspired or mentored you in your career? There were many people who inspired me during my career. It would not be fair to single one of them out as many people had a role in shaping what I am today.

What do you feel is the most important aspect of your job? Keep up to date!

What metrics or KPIs do you use to measure security effectiveness?

• Number of bug bounty reports
• Number of red team reports
• Time to detection
• Time to remediation
• Costs

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? Yes, we also feel the burden of skills shortage. The industry is evolving at a really fast pace and there are not enough professionals in the market. There are probably many reasons behind that like the fact that cyber security can be perceived like a difficult field compared for instance with php programming (to give an example that stays in the IT field). However, once you start tackling cybersecurity, you can never go back as you uncover a new astonishing field.

We do trainings, we work closely with universities, we have different mentorship programmes, internships, etc. We do all the known steps to educate and bring new workforce into the industry. Whatever the future technologies will bring is unknown, but the need for cybersecurity will increase exponentially. This is the best field to bet on your job safety.

Cybersecurity is constantly changing - how do you keep learning? This statement is the only constant in the cyber security industry and once you become active in this field, you quickly learn that you need to constantly be aware of any new developments. I guess once you realise that you have to follow all the cybersecurity news, all the new CVEs that get published and all available exploits, you develop a daily routine of keeping up to date. It gets in your blood.

What conferences are on your must-attend list? Blackhat and Defcon Las Vegas. Definitely!

What is the best current trend in cybersecurity? The worst? There is a lot to discuss here …  I will only provide 4 examples though.

Cyber Security

• Simplification. There is this tendency where cyber security is presented as something transparent, easy to understand and one click away. You will see companies throwing around words like machine learning, automation, cloud, etc, stating that if you get their product, security will be as easy as 1.2.3. No. That's never true. Securing an infrastructure is not easy at all. Of course, you can be prepared, you can be compliant, but just take the word "easy" out of the marketing materials.
• Evolution. Things never stay the same and you need to keep up with everything. I will provide one example: During a pentest, the CISO stated that he's not that concerned because no one in the organisation had admin rights on their machines. After the pentest, we concluded that 30% of the employees had admin rights. Things evolve in time, exceptions from the main rule are created and if you do not pay attention, you can wake up to a disaster.

Cyber Insecurity

• Ransomware was the main headline for several years now and looking at how people or organisations treat cybersecurity, it will still be here a few years from now. It's easy money.
• Hacking is not as difficult as you might imagine. We usually read only about the big ones, where millions of either dollars or credentials disappeared. However, the number of hacks is at least 20 times higher than the amount you read about every day.

What's the best career advice you ever received? "Assumption is the mother of all f*ckups".

What advice would you give to aspiring security leaders?

• Do NOT leave this field. If you think it's difficult, there's plenty of information to consume.
• Never assume that you can know everything. If you take a two week vacation, when you come back you will learn that new stuff has appeared on the "market"
• Play that CTF if you get the time!
• Send people to trainings and events
• Network! Law enforcement is your friend

Looking back with 20:20 hindsight, what would you have done differently? I think everyone answers with no to this question, right? 🙂

Actually, I should have paid more attention to the technical side of things. If you don't have the right building blocks, it's harder to keep up.

Comments are closed.